Ubuntu security notices

[USN-547-1] PCRE vulnerabilities

Tue, 27 Nov 2007 02:58:12 +0000

Ubuntu Security Notice USN-547-1          November 27, 2007
pcre3 vulnerabilities
CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662,
CVE-2007-4766, CVE-2007-4767, CVE-2007-4768

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libpcre3 7.4-0ubuntu0.6.06.1
libpcrecpp0 7.4-0ubuntu0.6.06.1

Ubuntu 6.10

libpcre3 7.4-0ubuntu0.6.10.1
libpcrecpp0 7.4-0ubuntu0.6.10.1

Ubuntu 7.04

libpcre3 7.4-0ubuntu0.7.04.1
libpcrecpp0 7.4-0ubuntu0.7.04.1

Ubuntu 7.10

libpcre3 7.4-0ubuntu0.7.10.1
libpcrecpp0 7.4-0ubuntu0.7.10.1

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Due to the large internal code changes needed to solve outstanding flaws, it was not possible to backport all the upstream security fixes to the earlier released versions. To address this, the pcre3 library has been updated to the latest stable release (7.4), which includes fixes for all known security issues. While the new version is ABI compatible, efforts have been taken to maintain behavioral compatibility with the earlier versions.

Details follow:

Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges.

[USN-548-1] Pidgin vulnerability

Wed, 28 Nov 2007 23:29:45 +0000

Ubuntu Security Notice USN-548-1          November 28, 2007
pidgin vulnerability
CVE-2007-4999

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10

libpurple0 1:2.2.1-1ubuntu4.1

After a standard system upgrade you need to restart Pidgin to effect the necessary changes.

Details follow:

It was discovered that Pidgin did not correctly handle certain logging events. A remote attacker could send specially crafted messages and cause the application to crash, leading to a denial of service.

[USN-549-1] PHP vulnerabilities

Thu, 29 Nov 2007 22:45:40 +0000

Ubuntu Security Notice USN-549-1          November 29, 2007
php5 vulnerabilities
CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998,
CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661,
CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libapache2-mod-php5 5.1.2-1ubuntu3.10
php5-cgi 5.1.2-1ubuntu3.10
php5-cli 5.1.2-1ubuntu3.10

Ubuntu 6.10

libapache2-mod-php5 5.1.6-1ubuntu2.7
php5-cgi 5.1.6-1ubuntu2.7
php5-cli 5.1.6-1ubuntu2.7

Ubuntu 7.04

libapache2-mod-php5 5.2.1-0ubuntu1.5
php5-cgi 5.2.1-0ubuntu1.5
php5-cli 5.2.1-0ubuntu1.5

Ubuntu 7.10

libapache2-mod-php5 5.2.3-1ubuntu6.1
php5-cgi 5.2.3-1ubuntu6.1
php5-cli 5.2.3-1ubuntu6.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that the wordwrap function did not correctly check lengths. Remote attackers could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-3998)

Integer overflows were discovered in the strspn and strcspn functions. Attackers could exploit this to read arbitrary areas of memory, possibly gaining access to sensitive information. (CVE-2007-4657)

Stanislav Malyshev discovered that money_format function did not correctly handle certain tokens. If a PHP application were tricked into processing a bad format string, a remote attacker could execute arbitrary code with application privileges. (CVE-2007-4658)

It was discovered that the php_openssl_make_REQ function did not correctly check buffer lengths. A remote attacker could send a specially crafted message and execute arbitrary code with application privileges. (CVE-2007-4662)

It was discovered that certain characters in session cookies were not handled correctly. A remote attacker could injection values which could lead to altered application behavior, potentially gaining additional privileges. (CVE-2007-3799)

Gerhard Wagner discovered that the chunk_split function did not correctly handle long strings. A remote attacker could exploit this to execute arbitrary code with application privileges. (CVE-2007-2872, CVE-2007-4660, CVE-2007-4661)

Stefan Esser discovered that deeply nested arrays could be made to fill stack space. A remote attacker could exploit this to cause a crash or monopolize CPU resources, resulting in a denial of service. (CVE-2007-1285, CVE-2007-4670)

Rasmus Lerdorf discovered that the htmlentities and htmlspecialchars functions did not correctly stop when handling partial multibyte sequences. A remote attacker could exploit this to read certain areas of memory, possibly gaining access to sensitive information. (CVE-2007-5898)

It was discovered that the output_add_rewrite_var fucntion would sometimes leak session id information to forms targeting remote URLs. Malicious remote sites could use this information to gain access to a PHP application user's login credentials. (CVE-2007-5899)

[USN-550-1] Cairo vulnerability

Mon, 03 Dec 2007 21:42:42 +0000

Ubuntu Security Notice USN-550-1          December 03, 2007
libcairo vulnerability
CVE-2007-5503

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libcairo2 1.0.4-0ubuntu1.1

Ubuntu 6.10

libcairo2 1.2.4-1ubuntu2.1

Ubuntu 7.04

libcairo2 1.4.2-0ubuntu1.1

Ubuntu 7.10

libcairo2 1.4.10-1ubuntu4.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges.

[USN-551-1] OpenLDAP vulnerabilities

Tue, 04 Dec 2007 03:16:06 +0000

Ubuntu Security Notice USN-551-1          December 04, 2007
openldap vulnerabilities
CVE-2007-5707, CVE-2007-5708

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

slapd 2.2.26-5ubuntu2.4

Ubuntu 6.10

slapd 2.2.26-5ubuntu3.2

Ubuntu 7.04

slapd 2.3.30-2ubuntu0.1

Ubuntu 7.10

slapd 2.3.35-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Thomas Sesselmann discovered that the OpenLDAP slapd server did not properly handle certain modify requests. A remote attacker could send malicious modify requests to the server and cause a denial of service. (CVE-2007-5707)

Toby Blake discovered that slapd did not properly terminate an array while running as a proxy-caching server. A remote attacker may be able to send crafted search requests to the server and cause a denial of service. This issue only affects Ubuntu 7.04 and 7.10. (CVE-2007-5708)

[USN-549-2] PHP regression

Tue, 04 Dec 2007 03:45:53 +0000

Ubuntu Security Notice USN-549-2          December 03, 2007
php5 regression
Bug 173043

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.10

libapache2-mod-php5 5.2.3-1ubuntu6.2
php5-cgi 5.2.3-1ubuntu6.2
php5-cli 5.2.3-1ubuntu6.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-549-1 fixed vulnerabilities in PHP. However, some upstream changes were incomplete, which caused crashes in certain situations with Ubuntu 7.10. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

[USN-546-2] Firefox regression

Tue, 04 Dec 2007 20:56:11 +0000

Ubuntu Security Notice USN-546-2          December 04, 2007
firefox regression
https://bugzilla.mozilla.org/show_bug.cgi?id

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10

firefox 2.0.0.11+0nobinonly-0ubuntu0.6.10

Ubuntu 7.04

firefox 2.0.0.11+1nobinonly-0ubuntu0.7.4

Ubuntu 7.10

firefox 2.0.0.11+2nobinonly-0ubuntu0.7.10

After a standard system upgrade you need to restart Firefox to effect the necessary changes.

Details follow:

USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. (CVE-2007-5947) Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. (CVE-2007-5959) Gregory Fleischer discovered that it was possible to use JavaScript to manipulate Firefox's Referer header. A malicious web site could exploit this to conduct cross-site request forgeries against sites that relied only on Referer headers for protection from such attacks. (CVE-2007-5960)

[USN-552-1] Perl vulnerability

Wed, 05 Dec 2007 00:07:16 +0000

Ubuntu Security Notice USN-552-1          December 04, 2007
perl vulnerability
CVE-2007-5116

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libperl5.8 5.8.7-10ubuntu1.1

Ubuntu 6.10

libperl5.8 5.8.8-6ubuntu0.1

Ubuntu 7.04

libperl5.8 5.8.8-7ubuntu0.1

Ubuntu 7.10

libperl5.8 5.8.8-7ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.

[USN-553-1] Mono vulnerability

Wed, 05 Dec 2007 00:08:19 +0000

Ubuntu Security Notice USN-553-1          December 04, 2007
mono vulnerability
CVE-2007-5197

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

mono-classlib-1.0 1.1.13.6-0ubuntu3.3
mono-classlib-2.0 1.1.13.6-0ubuntu3.3

Ubuntu 6.10

libmono-corlib1.0-cil 1.1.17.1-1ubuntu7.2
libmono-corlib2.0-cil 1.1.17.1-1ubuntu7.2
libmono-security1.0-cil 1.1.17.1-1ubuntu7.2
libmono-security2.0-cil 1.1.17.1-1ubuntu7.2

Ubuntu 7.04

libmono-corlib1.0-cil 1.2.3.1-1ubuntu1.1
libmono-corlib2.0-cil 1.2.3.1-1ubuntu1.1
libmono-security1.0-cil 1.2.3.1-1ubuntu1.1
libmono-security2.0-cil 1.2.3.1-1ubuntu1.1

Ubuntu 7.10

libmono-corlib1.0-cil 1.2.4-6ubuntu6.1
libmono-corlib2.0-cil 1.2.4-6ubuntu6.1
libmono-security1.0-cil 1.2.4-6ubuntu6.1
libmono-security2.0-cil 1.2.4-6ubuntu6.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Mono did not correctly bounds check certain BigInteger actions. Remote attackers could exploit this to crash a Mono application or possibly execute arbitrary code with user privileges.

[USN-554-1] teTeX and TeX Live vulnerabilities

Thu, 06 Dec 2007 21:04:59 +0000

Ubuntu Security Notice USN-554-1          December 06, 2007
tetex-bin, texlive-bin vulnerabilities
CVE-2007-5935, CVE-2007-5936, CVE-2007-5937

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

tetex-bin 3.0-13ubuntu6.1

Ubuntu 6.10

tetex-bin 3.0-17ubuntu2.1

Ubuntu 7.04

tetex-bin 3.0-27ubuntu1.2

Ubuntu 7.10

texlive-extra-utils 2007-12ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Bastien Roucaries discovered that dvips as included in tetex-bin and texlive-bin did not properly perform bounds checking. If a user or automated system were tricked into processing a specially crafted dvi file, dvips could be made to crash and execute code as the user invoking the program. (CVE-2007-5935)

Joachim Schrod discovered that the dviljk utilities created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. (CVE-2007-5936)

Joachim Schrod discovered that the dviljk utilities did not perform bounds checking in many instances. If a user or automated system were tricked into processing a specially crafted dvi file, the dviljk utilities could be made to crash and execute code as the user invoking the program. (CVE-2007-5937)

[USN-555-1] e2fsprogs vulnerability

Sat, 08 Dec 2007 04:56:09 +0000

Ubuntu Security Notice USN-555-1          December 08, 2007
e2fsprogs vulnerability
CVE-2007-5497

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

e2fslibs 1.38-2ubuntu2.1

Ubuntu 6.10

e2fslibs 1.39-1ubuntu0.1

Ubuntu 7.04

e2fslibs 1.39+1.40-WIP-2006.11.14+dfsg-2ubuntu1.1

Ubuntu 7.10

e2fslibs 1.40.2-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Rafal Wojtczuk discovered multiple integer overflows in e2fsprogs. If a user or automated system were tricked into fscking a malicious ext2/ext3 filesystem, a remote attacker could execute arbitrary code with the user's privileges.

[USN-550-2] Cairo regression

Mon, 10 Dec 2007 20:36:29 +0000

Ubuntu Security Notice USN-550-2          December 10, 2007
libcairo regression
https://launchpad.net/bugs/NNNNNN

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04

libcairo2 1.4.2-0ubuntu1.2

Ubuntu 7.10

libcairo2 1.4.10-1ubuntu4.2

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

USN-550-1 fixed vulnerabilities in Cairo. The upstream fixes were incomplete, and under certain situations, applications using Cairo would crash with a floating point error. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

[USN-550-3] Cairo regression

Thu, 13 Dec 2007 04:18:42 +0000

Ubuntu Security Notice USN-550-3          December 13, 2007
libcairo regression
Bug 175573

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libcairo2 1.0.4-0ubuntu1.2

Ubuntu 6.10

libcairo2 1.2.4-1ubuntu2.2

Ubuntu 7.04

libcairo2 1.4.2-0ubuntu1.3

Ubuntu 7.10

libcairo2 1.4.10-1ubuntu4.4

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

[USN-556-1] Samba vulnerability

Tue, 18 Dec 2007 19:27:46 +0000

Ubuntu Security Notice USN-556-1          December 18, 2007
samba vulnerability
CVE-2007-6015

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libsmbclient 3.0.22-1ubuntu3.6
samba 3.0.22-1ubuntu3.6

Ubuntu 6.10

libsmbclient 3.0.22-1ubuntu4.5
samba 3.0.22-1ubuntu4.5

Ubuntu 7.04

libsmbclient 3.0.24-2ubuntu1.5
samba 3.0.24-2ubuntu1.5

Ubuntu 7.10

libsmbclient 3.0.26a-1ubuntu2.3
samba 3.0.26a-1ubuntu2.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu.

[USN-557-1] GD library vulnerability

Wed, 19 Dec 2007 01:34:03 +0000

Ubuntu Security Notice USN-557-1          December 18, 2007
libgd2 vulnerability
CVE-2007-3996

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libgd2-noxpm 2.0.33-2ubuntu5.3
libgd2-xpm 2.0.33-2ubuntu5.3

Ubuntu 6.10

libgd2-noxpm 2.0.33-4ubuntu2.2
libgd2-xpm 2.0.33-4ubuntu2.2

Ubuntu 7.04

libgd2-noxpm 2.0.34~rc1-2ubuntu1.2
libgd2-xpm 2.0.34~rc1-2ubuntu1.2

Ubuntu 7.10

libgd2-noxpm 2.0.34-1ubuntu1.1
libgd2-xpm 2.0.34-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Mattias Bengtsson and Philip Olausson discovered that the GD library did not properly perform bounds checking when creating images. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code.

[USN-558-1] Linux kernel vulnerabilities

Wed, 19 Dec 2007 03:38:34 +0000

Ubuntu Security Notice USN-558-1          December 19, 2007
linux-source-2.6.17/20/22 vulnerabilities
CVE-2006-6058, CVE-2007-4133, CVE-2007-4567, CVE-2007-4849,
CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-5501

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10

linux-image-2.6.17-12-386 2.6.17.1-12.42
linux-image-2.6.17-12-generic 2.6.17.1-12.42
linux-image-2.6.17-12-hppa32 2.6.17.1-12.42
linux-image-2.6.17-12-hppa64 2.6.17.1-12.42
linux-image-2.6.17-12-itanium 2.6.17.1-12.42
linux-image-2.6.17-12-mckinley 2.6.17.1-12.42
linux-image-2.6.17-12-powerpc 2.6.17.1-12.42
linux-image-2.6.17-12-powerpc-smp 2.6.17.1-12.42
linux-image-2.6.17-12-powerpc64-smp 2.6.17.1-12.42
linux-image-2.6.17-12-server 2.6.17.1-12.42
linux-image-2.6.17-12-server-bigiron 2.6.17.1-12.42
linux-image-2.6.17-12-sparc64 2.6.17.1-12.42
linux-image-2.6.17-12-sparc64-smp 2.6.17.1-12.42

Ubuntu 7.04

linux-image-2.6.20-16-386 2.6.20-16.33
linux-image-2.6.20-16-generic 2.6.20-16.33
linux-image-2.6.20-16-hppa32 2.6.20-16.33
linux-image-2.6.20-16-hppa64 2.6.20-16.33
linux-image-2.6.20-16-itanium 2.6.20-16.33
linux-image-2.6.20-16-lowlatency 2.6.20-16.33
linux-image-2.6.20-16-mckinley 2.6.20-16.33
linux-image-2.6.20-16-powerpc 2.6.20-16.33
linux-image-2.6.20-16-powerpc-smp 2.6.20-16.33
linux-image-2.6.20-16-powerpc64-smp 2.6.20-16.33
linux-image-2.6.20-16-server 2.6.20-16.33
linux-image-2.6.20-16-server-bigiron 2.6.20-16.33
linux-image-2.6.20-16-sparc64 2.6.20-16.33
linux-image-2.6.20-16-sparc64-smp 2.6.20-16.33

Ubuntu 7.10

linux-image-2.6.22-14-386 2.6.22-14.47
linux-image-2.6.22-14-cell 2.6.22-14.47
linux-image-2.6.22-14-generic 2.6.22-14.47
linux-image-2.6.22-14-hppa32 2.6.22-14.47
linux-image-2.6.22-14-hppa64 2.6.22-14.47
linux-image-2.6.22-14-itanium 2.6.22-14.47
linux-image-2.6.22-14-lpia 2.6.22-14.47
linux-image-2.6.22-14-lpiacompat 2.6.22-14.47
linux-image-2.6.22-14-mckinley 2.6.22-14.47
linux-image-2.6.22-14-powerpc 2.6.22-14.47
linux-image-2.6.22-14-powerpc-smp 2.6.22-14.47
linux-image-2.6.22-14-powerpc64-smp 2.6.22-14.47
linux-image-2.6.22-14-rt 2.6.22-14.47
linux-image-2.6.22-14-server 2.6.22-14.47
linux-image-2.6.22-14-sparc64 2.6.22-14.47
linux-image-2.6.22-14-sparc64-smp 2.6.22-14.47
linux-image-2.6.22-14-ume 2.6.22-14.47
linux-image-2.6.22-14-virtual 2.6.22-14.47
linux-image-2.6.22-14-xen 2.6.22-14.47

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. (CVE-2006-6058)

Certain calculations in the hugetlb code were not correct. A local attacker could exploit this to cause a kernel panic, leading to a denial of service. (CVE-2007-4133)

Eric Sesterhenn and Victor Julien discovered that the hop-by-hop IPv6 extended header was not correctly validated. If a system was configured for IPv6, a remote attacker could send a specially crafted IPv6 packet and cause the kernel to panic, leading to a denial of service. This was only vulnerable in Ubuntu 7.04. (CVE-2007-4567)

Permissions were not correctly stored on JFFS2 ACLs. For systems using ACLs on JFFS2, a local attacker may gain access to private files. (CVE-2007-4849)

Chris Evans discovered that the 802.11 network stack did not correctly handle certain QOS frames. A remote attacker on the local wireless network could send specially crafted packets that would panic the kernel, resulting in a denial of service. (CVE-2007-4997)

The Philips USB Webcam driver did not correctly handle disconnects. If a local attacker tricked another user into disconnecting a webcam unsafely, the kernel could hang or consume CPU resources, leading to a denial of service. (CVE-2007-5093)

Scott James Remnant discovered that the waitid function could be made to hang the system. A local attacker could execute a specially crafted program which would leave the system unresponsive, resulting in a denial of service. (CVE-2007-5500)

Ilpo Järvinen discovered that it might be possible for the TCP stack to panic the kernel when receiving a crafted ACK response. Only Ubuntu 7.10 contained the vulnerable code, and it is believed not to have been exploitable. (CVE-2007-5501)

When mounting the same remote NFS share to separate local locations, the first location's mount options would apply to all subsequent mounts of the same NFS share. In some configurations, this could lead to incorrectly configured permissions, allowing local users to gain additional access to the mounted share. (https://launchpad.net/bugs/164231)

[USN-559-1] MySQL vulnerabilities

Fri, 21 Dec 2007 07:25:53 +0000

Ubuntu Security Notice USN-559-1          December 21, 2007
mysql-dfsg-5.0 vulnerabilities
CVE-2007-3781, CVE-2007-5925, CVE-2007-5969, CVE-2007-6304

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

mysql-server-5.0 5.0.22-0ubuntu6.06.6

Ubuntu 6.10

mysql-server-5.0 5.0.24a-9ubuntu2.2

Ubuntu 7.04

mysql-server-5.0 5.0.38-0ubuntu1.2

Ubuntu 7.10

mysql-server-5.0 5.0.45-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. (CVE-2007-5925)

It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. (CVE-2007-5969)

Philip Stoev discovered that the the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. (CVE-2007-6304)

It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges. (CVE-2007-3781)

[USN-560-1] Tomboy vulnerability

Tue, 08 Jan 2008 02:04:32 +0000

Ubuntu Security Notice USN-560-1           January 07, 2008
tomboy vulnerability
CVE-2005-4790

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

tomboy 0.3.5-1ubuntu3.1

Ubuntu 6.10

tomboy 0.4.1-0ubuntu3.1

Ubuntu 7.04

tomboy 0.6.3-0ubuntu1.1

Ubuntu 7.10

tomboy 0.8.0-1ubuntu0.1

After a standard system upgrade you need to restart Tomboy to effect the necessary changes.

Details follow:

Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.

[USN-561-1] pwlib vulnerability

Wed, 09 Jan 2008 05:37:45 +0000

Ubuntu Security Notice USN-561-1           January 08, 2008
pwlib vulnerability
CVE-2007-4897

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libpt-1.10.0 1.10.0-1ubuntu1.1

Ubuntu 6.10

libpt-1.10.0 1.10.2.dfsg-0ubuntu3.1

Ubuntu 7.04

libpt-1.10.0 1.10.3-0ubuntu1.1

Ubuntu 7.10

libpt-1.10.0 1.10.10-0ubuntu2.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Jose Miguel Esparza discovered that pwlib did not correctly handle large string lengths. A remote attacker could send specially crafted packets to applications linked against pwlib (e.g. Ekiga) causing them to crash, leading to a denial of service.

[USN-562-1] opal vulnerability

Wed, 09 Jan 2008 05:38:38 +0000

Ubuntu Security Notice USN-562-1           January 08, 2008
opal vulnerability
CVE-2007-4924

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libopal-2.2.0 2.2.1-1ubuntu1.1

Ubuntu 6.10

libopal-2.2.0 2.2.3.dfsg-0ubuntu2.1

Ubuntu 7.04

libopal-2.2.0 2.2.3.dfsg-2ubuntu2.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service.

[USN-563-1] CUPS vulnerabilities

Wed, 09 Jan 2008 05:40:10 +0000

Ubuntu Security Notice USN-563-1           January 09, 2008
cupsys vulnerabilities
CVE-2007-5849, CVE-2007-6358

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

cupsys 1.2.2-0ubuntu0.6.06.6

Ubuntu 6.10

cupsys 1.2.4-2ubuntu3.2

Ubuntu 7.04

cupsys 1.2.8-0ubuntu8.2

Ubuntu 7.10

cupsys 1.3.2-1ubuntu7.3

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Wei Wang discovered that the SNMP discovery backend did not correctly calculate the length of strings. If a user were tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code.

Elias Pipping discovered that temporary files were not handled safely in certain situations when converting PDF to PS. A local attacker could cause a denial of service.

[USN-564-1] Net-SNMP vulnerability

Wed, 09 Jan 2008 14:53:30 +0000

Ubuntu Security Notice USN-564-1           January 09, 2008
net-snmp vulnerability
CVE-2007-5846

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

snmpd 5.2.1.2-4ubuntu2.2

Ubuntu 6.10

snmpd 5.2.2-5ubuntu1.1

Ubuntu 7.04

snmpd 5.2.3-4ubuntu1.1

Ubuntu 7.10

snmpd 5.3.1-6ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Bill Trost discovered that snmpd did not properly limit GETBULK requests. A remote attacker could specify a large number of max-repetitions and cause a denial of service via resource exhaustion.

[USN-565-1] Squid vulnerability

Wed, 09 Jan 2008 22:22:24 +0000

Ubuntu Security Notice USN-565-1           January 09, 2008
squid vulnerability
CVE-2007-6239

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

squid 2.5.12-4ubuntu2.3

Ubuntu 6.10

squid 2.6.1-3ubuntu1.5

Ubuntu 7.04

squid 2.6.5-4ubuntu2.1

Ubuntu 7.10

squid 2.6.14-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service.

[USN-566-1] OpenSSH vulnerability

Thu, 10 Jan 2008 02:00:28 +0000

Ubuntu Security Notice USN-566-1           January 09, 2008
openssh vulnerability
CVE-2007-4752

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

openssh-client 1:4.2p1-7ubuntu3.2

Ubuntu 6.10

openssh-client 1:4.3p2-5ubuntu1.1

Ubuntu 7.04

openssh-client 1:4.3p2-8ubuntu1.1

Ubuntu 7.10

openssh-client 1:4.6p1-5ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host.

[USN-567-1] Dovecot vulnerability

Thu, 10 Jan 2008 22:01:59 +0000

Ubuntu Security Notice USN-567-1           January 10, 2008
dovecot vulnerability
CVE-2007-6598

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04

dovecot-imapd 1.0.rc17-1ubuntu2.2
dovecot-pop3d 1.0.rc17-1ubuntu2.2

Ubuntu 7.10

dovecot-imapd 1:1.0.5-1ubuntu2.1
dovecot-pop3d 1:1.0.5-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable.

[USN-568-1] PostgreSQL vulnerabilities

Mon, 14 Jan 2008 21:31:06 +0000

Ubuntu Security Notice USN-568-1           January 14, 2008
postgresql vulnerabilities
CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067,
CVE-2007-6600, CVE-2007-6601

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

postgresql-8.1 8.1.11-0ubuntu0.6.06.1
postgresql-pltcl-8.1 8.1.11-0ubuntu0.6.06.1

Ubuntu 6.10

postgresql-8.1 8.1.11-0ubuntu0.6.10.1
postgresql-pltcl-8.1 8.1.11-0ubuntu0.6.10.1

Ubuntu 7.04

postgresql-8.2 8.2.6-0ubuntu0.7.04.1
postgresql-pltcl-8.2 8.2.6-0ubuntu0.7.04.1

Ubuntu 7.10

postgresql-8.2 8.2.6-0ubuntu0.7.10.1
postgresql-pltcl-8.2 8.2.6-0ubuntu0.7.10.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. (CVE-2007-3278, CVE-2007-6601)

It was discovered that the TCL regular expression parser used by PostgreSQL did not properly check its input. An attacker could send crafted regular expressions to PostgreSQL and cause a denial of service via resource exhaustion or database crash. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

It was discovered that PostgreSQL executed VACUUM and ANALYZE operations within index functions with superuser privileges and also allowed SET ROLE and SET SESSION AUTHORIZATION within index functions. A remote authenticated user could exploit these flaws to gain privileges. (CVE-2007-6600)

[USN-569-1] libxml2 vulnerability

Tue, 15 Jan 2008 00:13:03 +0000

Ubuntu Security Notice USN-569-1           January 14, 2008
libxml2 vulnerability
CVE-2007-6284

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libxml2 2.6.24.dfsg-1ubuntu1.1

Ubuntu 6.10

libxml2 2.6.26.dfsg-2ubuntu4.1

Ubuntu 7.04

libxml2 2.6.27.dfsg-1ubuntu3.1

Ubuntu 7.10

libxml2 2.6.30.dfsg-2ubuntu1.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

Brad Fitzpatrick discovered that libxml2 did not correctly handle certain UTF-8 sequences. If a remote attacker were able to trick a user or automated system into processing a specially crafted XML document, the application linked against libxml2 could enter an infinite loop, leading to a denial of service via CPU resource consumption.

[USN-570-1] boost vulnerabilities

Wed, 16 Jan 2008 22:45:38 +0000

Ubuntu Security Notice USN-570-1           January 16, 2008
boost vulnerabilities
CVE-2008-0171, CVE-2008-0172

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libboost-regex1.33.1 1.33.1-2ubuntu0.1

Ubuntu 6.10

libboost-regex1.33.1 1.33.1-7ubuntu1.1

Ubuntu 7.04

libboost-regex1.33.1 1.33.1-9ubuntu3.1

Ubuntu 7.10

libboost-regex1.34.1 1.34.1-2ubuntu1.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Will Drewry and Tavis Ormandy discovered that the boost library did not properly perform input validation on regular expressions. An attacker could send a specially crafted regular expression to an application linked against boost and cause a denial of service via application crash.

[USN-571-1] X.org vulnerabilities

Fri, 18 Jan 2008 06:24:41 +0000

Ubuntu Security Notice USN-571-1           January 18, 2008
libxfont, xorg-server vulnerabilities
CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428,
CVE-2007-6429, CVE-2008-0006

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

libxfont1 1:1.0.0-0ubuntu3.4
xserver-xorg-core 1:1.0.2-0ubuntu10.8

Ubuntu 6.10

libxfont1 1:1.2.0-0ubuntu3.2
xserver-xorg-core 1:1.1.1-0ubuntu12.3

Ubuntu 7.04

libxfont1 1:1.2.7-1ubuntu1.1
xserver-xorg-core 2:1.2.0-3ubuntu8.1

Ubuntu 7.10

libxfont1 1:1.3.0-0ubuntu1.1
xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu8.1

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958)

It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006)

[USN-572-1] apt-listchanges vulnerability

Fri, 18 Jan 2008 23:07:41 +0000

Ubuntu Security Notice USN-572-1           January 18, 2008
apt-listchanges vulnerability
CVE-2008-0302

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04

apt-listchanges 2.72ubuntu6.1

Ubuntu 7.10

apt-listchanges 2.74ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Felipe Sateler discovered that apt-listchanges did not use safe paths when importing additional Python libraries. A local attacker could exploit this and execute arbitrary commands as the user running apt-listchanges.

[USN-571-2] X.org regression

Sat, 19 Jan 2008 07:33:40 +0000

Ubuntu Security Notice USN-571-2           January 19, 2008
xorg-server regression
Bug 183969

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

xserver-xorg-core 1:1.0.2-0ubuntu10.10

Ubuntu 6.10

xserver-xorg-core 1:1.1.1-0ubuntu12.5

Ubuntu 7.04

xserver-xorg-core 2:1.2.0-3ubuntu8.3

Ubuntu 7.10

xserver-xorg-core 2:1.3.0.0.dfsg-12ubuntu8.3

After a standard system upgrade you need to restart your session to effect the necessary changes.

Details follow:

USN-571-1 fixed vulnerabilities in X.org. The upstream fixes were incomplete, and under certain situations, applications using the MIT-SHM extension (e.g. Java, wxWidgets) would crash with BadAlloc X errors. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple overflows were discovered in the XFree86-Misc, XInput-Misc, TOG-CUP, EVI, and MIT-SHM extensions which did not correctly validate function arguments. An authenticated attacker could send specially crafted requests and gain root privileges. (CVE-2007-5760, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429) It was discovered that the X.org server did not use user privileges when attempting to open security policy files. Local attackers could exploit this to probe for files in directories they would not normally be able to access. (CVE-2007-5958) It was discovered that the PCF font handling code did not correctly validate the size of fonts. An authenticated attacker could load a specially crafted font and gain additional privileges. (CVE-2008-0006)

[USN-573-1] PulseAudio vulnerability

Thu, 31 Jan 2008 22:24:46 +0000

Ubuntu Security Notice USN-573-1           January 31, 2008
pulseaudio vulnerability
CVE-2008-0008

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04

pulseaudio 0.9.5-5ubuntu4.2

Ubuntu 7.10

pulseaudio 0.9.6-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that PulseAudio did not properly drop privileges when running as a daemon. Local users may be able to exploit this and gain privileges. The default Ubuntu configuration is not affected.

[USN-574-1] Linux kernel vulnerabilities

Mon, 04 Feb 2008 18:17:28 +0000

Ubuntu Security Notice USN-574-1          February 04, 2008
linux-source-2.6.17/20/22 vulnerabilities
CVE-2006-6058, CVE-2007-3107, CVE-2007-4567, CVE-2007-4849,
CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-5501,
CVE-2007-5966, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206,
CVE-2007-6417, CVE-2008-0001

A security issue affects the following Ubuntu releases:

Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.10

linux-image-2.6.17-12-386 2.6.17.1-12.43
linux-image-2.6.17-12-generic 2.6.17.1-12.43
linux-image-2.6.17-12-hppa32 2.6.17.1-12.43
linux-image-2.6.17-12-hppa64 2.6.17.1-12.43
linux-image-2.6.17-12-itanium 2.6.17.1-12.43
linux-image-2.6.17-12-mckinley 2.6.17.1-12.43
linux-image-2.6.17-12-powerpc 2.6.17.1-12.43
linux-image-2.6.17-12-powerpc-smp 2.6.17.1-12.43
linux-image-2.6.17-12-powerpc64-smp 2.6.17.1-12.43
linux-image-2.6.17-12-server 2.6.17.1-12.43
linux-image-2.6.17-12-server-bigiron 2.6.17.1-12.43
linux-image-2.6.17-12-sparc64 2.6.17.1-12.43
linux-image-2.6.17-12-sparc64-smp 2.6.17.1-12.43

Ubuntu 7.04

linux-image-2.6.20-16-386 2.6.20-16.34
linux-image-2.6.20-16-generic 2.6.20-16.34
linux-image-2.6.20-16-hppa32 2.6.20-16.34
linux-image-2.6.20-16-hppa64 2.6.20-16.34
linux-image-2.6.20-16-itanium 2.6.20-16.34
linux-image-2.6.20-16-lowlatency 2.6.20-16.34
linux-image-2.6.20-16-mckinley 2.6.20-16.34
linux-image-2.6.20-16-powerpc 2.6.20-16.34
linux-image-2.6.20-16-powerpc-smp 2.6.20-16.34
linux-image-2.6.20-16-powerpc64-smp 2.6.20-16.34
linux-image-2.6.20-16-server 2.6.20-16.34
linux-image-2.6.20-16-server-bigiron 2.6.20-16.34
linux-image-2.6.20-16-sparc64 2.6.20-16.34
linux-image-2.6.20-16-sparc64-smp 2.6.20-16.34

Ubuntu 7.10

linux-image-2.6.22-14-386 2.6.22-14.51
linux-image-2.6.22-14-cell 2.6.22-14.51
linux-image-2.6.22-14-generic 2.6.22-14.51
linux-image-2.6.22-14-hppa32 2.6.22-14.51
linux-image-2.6.22-14-hppa64 2.6.22-14.51
linux-image-2.6.22-14-itanium 2.6.22-14.51
linux-image-2.6.22-14-lpia 2.6.22-14.51
linux-image-2.6.22-14-lpiacompat 2.6.22-14.51
linux-image-2.6.22-14-mckinley 2.6.22-14.51
linux-image-2.6.22-14-powerpc 2.6.22-14.51
linux-image-2.6.22-14-powerpc-smp 2.6.22-14.51
linux-image-2.6.22-14-powerpc64-smp 2.6.22-14.51
linux-image-2.6.22-14-rt 2.6.22-14.51
linux-image-2.6.22-14-server 2.6.22-14.51
linux-image-2.6.22-14-sparc64 2.6.22-14.51
linux-image-2.6.22-14-sparc64-smp 2.6.22-14.51
linux-image-2.6.22-14-ume 2.6.22-14.51
linux-image-2.6.22-14-virtual 2.6.22-14.51
linux-image-2.6.22-14-xen 2.6.22-14.51

After a standard system upgrade you need to reboot your computer to effect the necessary changes.

Details follow:

The signal handling on PowerPC systems using HTX allowed local users to cause a denial of service via floating point corruption. This was only vulnerable in Ubuntu 6.10 and 7.04. (CVE-2007-3107)

The Linux kernel did not properly validate the hop-by-hop IPv6 extended header. Remote attackers could send a crafted IPv6 packet and cause a denial of service via kernel panic. This was only vulnerable in Ubuntu 7.04. (CVE-2007-4567)

The JFFS2 filesystem with ACL support enabled did not properly store permissions during inode creation and ACL setting. Local users could possibly access restricted files after a remount. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4849)

Chris Evans discovered an issue with certain drivers that use the ieee80211_rx function. Remote attackers could send a crafted 802.11 frame and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-4997)

Alex Smith discovered an issue with the pwc driver for certain webcam devices. A local user with physical access to the system could remove the device while a userspace application had it open and cause the USB subsystem to block. This was only vulnerable in Ubuntu 7.04. (CVE-2007-5093)

Scott James Remnant discovered a coding error in ptrace. Local users could exploit this and cause the kernel to enter an infinite loop. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-5500)

It was discovered that the Linux kernel could dereference a NULL pointer when processing certain IPv4 TCP packets. A remote attacker could send a crafted TCP ACK response and cause a denial of service via crash. This was only vulnerable in Ubuntu 7.10. (CVE-2007-5501)

Warren Togami discovered that the hrtimer subsystem did not properly check for large relative timeouts. A local user could exploit this and cause a denial of service via soft lockup. (CVE-2007-5966)

Venustech AD-LAB discovered a buffer overflow in the isdn net subsystem. This issue is exploitable by local users via crafted input to the isdn_ioctl function. (CVE-2007-6063)

It was discovered that the isdn subsystem did not properly check for NULL termination when performing ioctl handling. A local user could exploit this to cause a denial of service. (CVE-2007-6151)

Blake Frantz discovered that when a root process overwrote an existing core file, the resulting core file retained the previous core file's ownership. Local users could exploit this to gain access to sensitive information. (CVE-2007-6206)

Hugh Dickins discovered the when using the tmpfs filesystem, under rare circumstances, a kernel page may be improperly cleared. A local user may be able to exploit this and read sensitive kernel data or cause a denial of service via crash. (CVE-2007-6417)

Bill Roman discovered that the VFS subsystem did not properly check access modes. A local user may be able to gain removal privileges on directories. (CVE-2008-0001)

[USN-575-1] Apache vulnerabilities

Tue, 05 Feb 2008 00:14:49 +0000

Ubuntu Security Notice USN-575-1          February 04, 2008
apache2 vulnerabilities
CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000,
CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS

apache2-mpm-perchild 2.0.55-4ubuntu2.3
apache2-mpm-prefork 2.0.55-4ubuntu2.3
apache2-mpm-worker 2.0.55-4ubuntu2.3

Ubuntu 6.10

apache2-mpm-perchild 2.0.55-4ubuntu4.2
apache2-mpm-prefork 2.0.55-4ubuntu4.2
apache2-mpm-worker 2.0.55-4ubuntu4.2

Ubuntu 7.04

apache2-mpm-event 2.2.3-3.2ubuntu2.1
apache2-mpm-perchild 2.2.3-3.2ubuntu2.1
apache2-mpm-prefork 2.2.3-3.2ubuntu2.1
apache2-mpm-worker 2.2.3-3.2ubuntu2.1

Ubuntu 7.10

apache2-mpm-event 2.2.4-3ubuntu0.1
apache2-mpm-perchild 2.2.4-3ubuntu0.1
apache2-mpm-prefork 2.2.4-3ubuntu0.1
apache2-mpm-worker 2.2.4-3ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)

It was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)

It was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)

It was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)

It was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)

It was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)

It was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)

It was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)